DCE and DFS for Compaq Tru64 UNIX Release Notes

Software Version 4.2.1

[Notices] [Contents]


1. Introduction

If using Tru64™ UNIX® v5.1A, use DCE v4.2.x.

If using version 5.1, continue to use NetCrusader/DCE 4.1.x. (Note the name changes from NetCrusader to Gradient to DCE.) Separate documentation is provided for the two product lines, 4.1.x, and 4.2.x. The Release Notes for DCE v4.2 list the changes in patches 4.1.1, 4.1.2, 4.1.3, and 4.1.4. Changes after 4.1.5 will be paralleled in versions after 4.2.1.

The Release Notes contain the following sections:

1. Introduction
2. Problems Fixed v4.2.1
3. Known Problems and Restrictions v4.2.1
4. Previous Releases
5. Obtaining Technical Support
6. Contacting Entegrity Solutions

These Release Notes provide release information for DCE v4.2.1 software for Tru64 UNIX v5.1A machines.

This document describes new and changed features of DCE v4.2, as well as corrections to known problems, known problems and restrictions, and corrections to documentation. Similar historical information for v4.1 and v4.0 is provided. Entegrity Solutions® recommends that you read this document before installing and using DCE software.

NOTE: The products named DCE, Gradient DCE, NetCrusader/DCE v3.1 (and higher), Digital® DCE v3.1, and Compaq® DCE v3.1 provide essentially the same features; however, only DCE, Gradient DCE , and NetCrusader/DCE function on the Tru64 UNIX v5.x operating system. Although other company names may be referred to within this document (Digital, Compaq, or Gradient Technologies), this DCE product is now produced and supported by Entegrity Solutions® Corporation.

2. Problems Fixed v4.2.1

Problems fixed in previous patches and releases are described in Section 4.2.

dcecp principal show

Corrected a problem with the dcecp principal show command. This problem was occurring on some systems when the principal show command was executed more than once and was producing a "No more entries" error message.

The problem occurred because a registry cursor was not being reset before making a call to look up a principal's group membership. It worked the first time because the structure allocated for the member cursor was being set to 0 by the C library. But on subsequent calls, the cursor was not zero and more than likely was pointing to the old cursor, which was set to the end of the list thus producing the "No more entries" error message. The registry cursor is now being reset before the lookup call.

dcecp -c account show

Fixed a problem where using the dcecp-c account show command returned the error message, "registry object not found." It had occurred because either the original account creator or the last changer of the account were no longer in the registry.

When the registry data could not be found, the error was produced. The UUID was still in the account record in the registry. The change code now checks for this specific error and then converts the account record UUID into a string.

This UUID string is now displayed in place of the account name for either the missing account creator or last changer or both, depending on which one is no longer a valid account. libdcecp, needed for this operation, was rebuilt.

dcesetup: RPC Environment Variables

Fixed a problem where dcesetup had failed to export environment variables correctly, resulting in unwanted network addresses in the local endpoint map (dced) and the CDS namespace. The variables are now read from the DCE configuration file, /opt/dcelocal/dce_services.db, and exported correctly.

(See the NetCrusader/DCE Product Guide Section 10.4 for illustrations of setting up the environment variables.)

The following steps describe one example of how to initially configure a machine into the cell and prevent addresses associated with a specific network interface from being utilized for DCE RPC operations.

  1. Open the /opt/dcelocal/dce_services.db file and insert the entry for the network interface you do not want to export, entering:

    RPC_UNSUPPORTED_NETIFS=tu1, where tu1 is the name of the unsupported network interface.

  2. Run dcesetup config now and select [y] when you are asked if you would like to unconfigure.

  3. After configuration is complete, check the /opt/dcelocal/dce_services.db file to make sure that your RPC_UPSUPPORTED_NETIFS entry still exists. dcesetup leaves it there, with other entries generated during the configuration.

To test that environment variables were exported correctly, you can use the commands dcecp -c rpccp show mapping, and cdscp show cell.

DCE SIA

RPC

Kerberos Tools

DFS

dfsbind

3. Known Problems and Restrictions v4.2.1

Problems listed under Previous Releases may apply to the current release, unless a correction is noted.

DCE SIA

The DCE SIA library, libdcesiad.so, has been written using the pthreads library. This causes some calling applications, including system tools and daemons, to core dump when making system calls to obtain security information. We are looking at this problem and have removed all thread calls and exception handling from the library but due to the nature of some of the required DCE security interfaces, all threading issues could not be resolved. We are still investigating the removal of threads from the library, which may result in a reimplementation of library routines.

DFS

Testing has revealed the following problems, not yet resolved.

Occasional RPC "who are you" messages followed by "set auth binding failed" messages on consoles. These are sometimes, though infrequently, followed by a message to say the client has disconnected from the server. When this occurs, the client will successfully reconnect.

DO NOT apply this file unless you encounter problems. It contains a temporary workaround only.

4. Previous Releases

4.1 New Features (Previous Releases)

4.1.1 New Features v4.2

This section describes new and changed features for NetCrusader/DCE v4.1.

Platforms supported

DCE v4.2 runs only on:

DCE Client DFS Client Servers
Tru64 UNIX v5.1A

X

X

X

TruCluster® 5.1A

X

Sierra Cluster (SC) v2.4

X

X

Updated RPC Interface Specification

In the prior version, 4.1.4, the RPC runtime library was changed, which required that all images that use the DCE RPC be rebuilt. Therefore, applications need up-to-date versions and need to be rebuilt. See the Applications Need Rebuilding item in Known Problems and Restrictions, later in this document.

SIA

DCE SIA was redesigned to:

Security

The password strength daemon (pwd_strengthd) is now included as part of the DCE runtime kit.

DFS

The tkm_adjust program is now part of the DFS kit. The program monitors and adjusts token manager settings for DFS servers.

Internal Nodes

Support for Sierra Cluster Internal Nodes is disabled, pending validation with the Compaq Engineering group.

DCE Runtime

The RPC environment variables are now stored in the DCE services file. This eliminates the manual changing of the dcesetup file to support custom configurations.

The following RPC environment variables are supported:

To use this new feature:

  1. Open the file, /opt/dcelocal/dce_services.db

  2. Add the environment variable followed by an equals sign (=) followed by the desired value(s)

Examples for each of the environment variables follow:

These settings will only affect DCE Runtime Services. To have other applications use these restrictions, the environment variable(s) must be exported prior to running those applications.

4.1.2 New Features v4.1

This section describes new and changed features for NetCrusader/DCE v4.1.

Tru64 UNIX v5.1

Tru64 UNIX v5.1 is now a supported operating system. TruCluster 5.1 and Sierra Cluster v2.0 configurations are now supported.

DFS Support

DFS is supported on Tru64 UNIX v5.1 machines and on Sierra Cluster v2.0 configurations. DFS is not supported on TruCluster v5.1.

RTS, DCE Runtime

Clusters (Compaq TruCluster and Sierra Cluster)

KRB5 Library

A new library provides the KRB5 public functions. It will only work with Tru64 5.1, not 5.0 or earlier versions.

The new library is called: libdcekrb5.so

Users will need to modify their makefiles to use the new library. The name given does not conflict with other public KRB5 libraries.

Privacy Kit

The Privacy Kit is now part of the Base Kit.

4.1.3 New Features v4.0

This section describes new and changed features for the Previous Release, NetCrusader/DCE v4.0.

Tru64 UNIX v5.1

Tru64 UNIX v5.1 is now a supported operating system.

DFS Support

DFS could work with, but was not supported, on Tru64 UNIX v5.0 and v5.0a.

4.2 Problems Fixed (Previous Releases)

Problems fixed in previous releases are listed in this section, the most recent first.

4.2.1 Problems Fixed v4.2

Kerberos Tools

The Kerberos versions of ftpd and telnetd now display the proper name for the operating system and DCE. This indicates whether the Tru64 or the Kerberos version of the tool is being executed.

When a connection is made:

DFS

dfssetup now properly handles errors when configuring DFS servers that have incorrect device names.

4.2.2 Problems Fixed v4.1.4

Reinstalling this kit also implements all the changes in the previous patches 4.1.1, 4.1.2 and 4.1.3.

Reinstallation Necessary

Since the DCE runtime was rebuilt, a complete reinstallation is necessary, to obtain the new images and libraries. It is not necessary to reinstall the man pages for DCE, DFS, or the ADK.

To reinstall, follow these steps on the command line:

  1. Copy the kit, dce414.tar, to some location (NOT /tmp)

  2. # tar -xvf

  3. # cd output

  4. # setld -i | grep DCE | grep "_ _installed"

    This will give you a list of the installed DCE and DFS kits.

  5. # setld -d <kits> except man pages

  6. # setld -l to reinstall the kits

    When the DFS binary is installed, the kernel will be rebuilt.

    Copy the new kernel to /vmunix.

    Be sure the new vmunix is approximately 20MB. If it is only around 15MB, then the DFS option was not built into the kernel. If this happens, follow the steps in the Installation and Configuration Guide Section 1.12.

  7. If the kernel does not rebuild, follow the steps in the Installation and Configuration Guide section 1.12.

cdsadv

Problems were encountered on machines with memory greater than 2 GB. The cdsadv code incorrectly reported back a negative cache size and caused the daemon to core dump.

RPC

We corrected a potential problem with internal RPC structures, that could have caused problems with RPC transmission of data. The RPC runtime library was changed, which required that all images that use RPC be rebuilt.

DFS

Tru64 and Sierra Cluster: Locks

Fixed a problem where errors were reported that locks were being released when they had not been locked. The problem was related to an inadvertent re-initialization of a DFS kernel lock.

Kernel Assert Failures

Sierra Cluster File System - Revocation

Fixed a CFS recovery lock problem. The Cluster File System (CFS) calls through the Universal Buffer Cache (UBC) ops functions to the DFS cache manager cm_putpage function. This could in turn call back into CFS to store code to disk. This produced a recovery lock assertion and executables were not updated.

Other assertions produced include:

Issues addressed include:

Tru64 Systems other than Sierra Cluster

Fixed a lock problem. The File System calls, through the UBC to the DFS Vnode which generates a lock thread. The process stopped in a recursive loop and could not get past the lock to write back to the file system.

Assertions include locked, kernel stack violation, and DCE/DFS assert panics.

DFS Kernel pthread routines

Fixed a race condition in a pthread wait routine.

Where a signal to unlock a mutex came in too soon, before a sleep signal was in effect, it caused a race condition. Now the signal arrives after the sleep signal is activated.

Errors listed included: dfs:auth helper not running; DCE errors: DFS, dfsbind; DCE Hang; set auth binding failed, running unauthenticated, LS command hanging, and Node hangs upon login following user/password.

secd - Security Server

A problem was found in configurations with a master and one or more replica security servers. When a principal was removed from a group, the master server crashed and would not properly restart. This was being caused by mapping the change log item to an improper structure when the security change log was being propagated to replica servers. The log item is now mapped to the correct structure and the problem has been corrected.

4.2.3 Problems Fixed v4.1.3

rsh

Fixed two problems that occurred when using the Kerberos version of rsh (Restricted Shell).

The patch kit replaces rsh and rshd files for:

It does not apply to version 3.1 or other versions not listed.

NOTE: You will need to obtain a new version of Tru64 rshd from Compaq when they make it available. The existing Tru64 version of rshd also had the same problems.

4.2.4 Problems Fixed v4.1.2

SIA

When DCE SIA was disabled, the removal script would sometimes leave the /etc/sia/matrix.conf file linked to a nonexistent file (/etc/sia/bsd_matrix.conf). Now the insert and remove scripts ensure that the matrix.conf file is correctly linked.

The sec_remove_dce_entires.sh and sec_insert_dce_entries.sh shell scripts have been modified to check for the existence of prior matrix.conf files before setting the value of /etc/sia/matrix.conf.

The insertion script now copies the current matrix.conf file to matrix.conf.preDCE.

The removal script now performs the following steps and the new scheme is as follows:

The following items are checked in order. The first match sets the new matrix.conf file.

C2 Active Old matrix.conf file New matrix.conf file
N/A

Yes

Yes

No

No

matrix.conf.preDCE

OSFC2_matrix.conf

bsd_matrix.conf

bsd_matrix.conf

<none of the above>

matrix.conf.preDCE

OSFC2_matrix.conf

bsd_matrix.conf

bsd_matrix.conf

.proto..matrix.conf

4.2.5 Problems Fixed v4.1.1

Installing Cluster

Fixed where the cluster install script did not create cdsl for /etc/sia and /etc/krb5.conf.

4.2.6 Problems Fixed v4.1

This section describes problems fixed in NetCrusader/DCE v4.1.

DFS

RTS DCE SIA

DCE Runtime

In RPC only configurations, dced would not start and a "Yellow Zone" stack overflow message was reported in the dced.log file. This was an intermittent problem on some systems. The problem was due to an insufficient stack size in the bootstrap_mgmt thread where dced was initializing interfaces. The stack size for this thread has been doubled and the problem is now fixed.

CDS Advertiser

The CDS advertiser daemon (cdsadv) was hanging during some start up sequences. The hang was occurring in DCE cell configurations with one or more CDS replicas. The problem was being caused by a down or unreachable CDS replica. During this time, the internal CDS reader got into a hung state when the command to check for cdsadv daemon was executed. This problem has been fixed.

4.2.7 Problems Fixed v4.0

This section describes problems fixed in NetCrusader/DCE v4.0.

CDS Client Access

Due to a marginal stack size, calls to obtain values from CDS would occasionally result in the call hanging. The stack size has been increased.

dcesetup

DFS

An internal symbol, inet_addr, in the kernel RPC and DFS code caused a symbol collision when trying to build a DFS enabled kernel on Tru64 v5.0 Cluster. A duplicate routine was provided in the /usr/opt/TCR500/sys/ics_11_tcp.mod file. The name of the routine was changed to the dce_inet_addr name.

Kerberos Configuration Tool (kcfg)

randd (v5.1 systems only)

Due to a change in the naming of forked processes, the randd daemon would get started multiple times during the configuration process. This problem has been fixed by altering the way the randd daemon is detected.

rshd

Security Server

The dcesetup script appeared to hang when trying to create a security replica on a machine. This happened on machines that were reconfigured into a different cell. The hang occurred because the /etc/krb5.conf file was not properly updated. The value for default_realm needed to be corrected to have the value of the new DCE cell. This would fix the problem.

4.3 Configuration Notes (Previous Releases)

4.3.1 Configuration Notes v4.0

This section describes additional information to be aware of during configuration.

DFS

The value of the @SYS variable was changed from alpha_OSF1 to alpha_tru64_v500. This value now (version 4.0) reflects the version of the operating system. (changed to alpha_tru64_510 in the current version: 4.1)

Kerberos Tools

A user must have forwardable credentials and use the -f switch on rlogin and rsh to obtain credentials on the remote machine. After logging into DCE, a user needs to obtain forwardable credentials by executing kinit -f and providing their password. When the tool is used, the user must provide -f as the first parameter and DCE credentials will be obtained when the program is executed.

4.4 Known Problems and Restrictions (Previous Releases)

The following were known problems and restrictions at the times of their respective releases. Many list workarounds.

4.4.1 Known Problems and Restrictions v4.2

Versions

The 4.2 kit will run only onTru64 v5.1A, not earlier versions.

Applications Need Rebuilding

Third party DCE based applications or software, such as Hewlett Packard OpenView, that require DCE components, must be up-to-date with this version, and be rebuilt. Versions released in 2002, should have indications that they run on DCE 4.1.4 and 4.2. (There is a backward compatible version of DCE available for the transitional version, 4.1.4, but there are not backward compatible versions for later versions, v4.1.5 upwards, and v4.2.x).

In version, 4.1.4, we corrected a potential problem with internal RPC structures, that could have caused problems with RPC transmission of data. The RPC runtime library was changed, which required that all images that use RPC be rebuilt.

Rebuild all images (including the stub/client code) that depend on DCE, using the DCE 4.1.4 or 4.2 ADK (depending on the version being used).

Internal Nodes Support for Sierra Cluster

Internal nodes support is disabled, pending validation with the Compaq Sierra Engineering Group.

getpwuid interface for DCE SIA

The getpwuid interface of DCE SIA does not work properly with the Tru64 5.1A operating system.

Workaround:

This problem can be removed by replacing one line in the /etc/sia/matrix.conf file after DCE SIA has been enabled and before the system is rebooted. (If you forget to change the file and reboot, then you will have to boot the system in single user mode and make the change.)

Change

siad_getpwuid=(DCE, libdcesiad.so) (BSD,libc.so)

to

siad_getpwuid=(BSD,libc.so)

This may cause a problem if groups are defined in the DCE registry that are not in the /etc/groups file on the local system.

Entegrity is working closely with the CompaqTru64 Engineering group to resolve this problem.

DCE SIA must be disabled before deleting DCE runtime

Disable DCE SIA before deleting the DCE runtime kit. If DCE SIA is enabled while you attempt to delete the kit, the following message will be displayed:

The DCE SIA library is in the /etc/sia/matrix.conf file.
Removing the DCE runtime kit with DCE SIA enabled will
cause the system to behave improperly or hang.
Please disable DCE SIA by using dcesetup prior to deleting 
the DCE runtime kit.
The DCE runtime kit will not be deleted.

Reenable DCE SIA after the DCE runtime kit is reinstalled.

DFS

For DFS on Sierra Clusters, the DFS cache must be on a locally mounted filesystem.

There is a performance-related problem that occurs with RPC calls from the DFS components within the kernel. This problem is being worked on and will be resolved in a future patch.

dced

dced Daemon Consumes Large Memory Amounts

For configurations with security servers that export DECnet bindings, the dced daemon consumes large memory amounts. This occurs due to a problem in the pe_site update thread that periodically updates the security server binding list in the /opt/dcelocal/etc/security/pe_site file. The DECnet bindings are not properly handled and cause a problem with call threads.

Workaround

For applicable client configurations, place the following in the /opt/dcelocal/dce_services.db file:

disable pe_site_update

This will disable the thread.

If security servers are added, then the pe_site file should be manually updated with the new binding information.

HP OpenView

Prior versions of HP Open View do not work with this version.

If you are using HP OpenView, you need to obtain the latest build from Hewlett Packard.

dcecp: Security with Replica

(Corrected in version 4.2.1)

If the following command sequence is executed, an error is generated:

dcecp

principal show <ajg>

This works the first time but not on subsequent events.

Error: No more matching entries even though the principal exists.

Workaround

Use rgy_edit as follows:

  1. rgy_edit

  2. do p

  3. view ajg -f

  4. view tpb -f

4.4.2 Known Problems and Restrictions v4.1.4

HP OpenView

Prior versions of HP Open View do not work with this version.

If you are using HP OpenView, you need to obtain the latest build from Entegrity support, dce414_64bit_if.tar.

Cluster: DFS Cache Directory

The DFS cache directory MUST be placed into a local mounted file system. This is not a concern for standalone machines. However, for cluster machines it is, so the user will have to make sure before configuring DFS in the cluster. The dfssetup script will verify that the requested DFS cache directory is a local mounted file system.

While configuring, choose between the defaults:

standalone: /opt/dcelocal/var/adm/dfs/cache.
cluster: /local/dfscache.

dfssetup now enforces that the DFS cache directory is mounted on a local filesystem for cluster configurations. If the cache directory is not a local filesystem, then DFS will not start when the machine is booted and the following message will be issued:

DFS client cache is at <disk cache directory>
The DFS cache MUST be on a locally mounted filesystem for a 
cluster configuration. You must reconfigure the client.
DFS will not be started.

Cluster: Clobbering DFS

For cluster configurations, the DFS startup/shutdown scripts are not removed when a single member's DFS configuration is clobbered. This was causing a problem where other cluster members would not start DFS on startup.

If the DFS client configuration is clobbered on a cluster member, the following message is printed:

To remove DFS startup/shutdown files for the cluster, run the following 
commands. Note, that if you are clobbering only some of the cluster 
members, then issuing these commands will prevent DFS from starting on the 
other cluster members.
rm -f /sbin/init.d/dfsstartup
rm -f /sbin/rc3.d/S67dfs
rm -f /sbin/init.d/dfsshutdown
rm -f /sbin/rc0.d/K00dfs
rm -f /sbin/rc2.d/K00dfs

4.4.3 Known Problems and Restrictions v4.1

This section describes problems known in NetCrusader/DCE version 4.1.

DFS

Occasionally, dfsd will hang, causing the system to significantly slow down. The problem is caused by a write lock on a file node in the dfsd

DMS Dataless Management System

Though DMS works with a non-clustered environment, it is not supported in a clustered environment.

Installation

In a Cluster environment, it is recommended that you only install the Run Time Services and Command Reference Manual Pages of the DCE kits. The others might work, but are not fully tested, so are not supported.

Sierra Cluster

Member nodes that do not have external network addresses are not supported.

4.4.4 Known Problems and Restrictions v4.0

This section describes problems known in the previous version,

NetCrusader/DCE v4.0.

DFS for Tru64 UNIX v5.1 Was Not Supported

In NC/DCE release NC/DCE v4.0, DFS for Tru64 v5.1 was not supported, due to several internal operating system changes.

In NC/DCE release 4.1, DFS only works on 5.1 machines.

DFS Cache Manager Hangs

Occasionally the DFS cache manager hangs and dfsbind will crash causing a core dump. This problem is being addressed and will be fixed in a subsequent release.

DECnet

When DECnet is installed and configured on a Tru64 v5.1 system, one may get the following error when dced tries to start:

2000-12-14-09:00:17.142-05:00I418.531 dced ERROR dhd general main.c 1721 0
x3ffc01b2000
Process (pid 3442) exited with status 0400

First, make sure you have the correct version of DECnet installed and configured. If the problem still persists, disable DECnet use from DCE by putting the following into /opt/dcelocal/bin/dcesetup:

RPC_SUPPORTED_PROTSEQ=ncacn_ip_tcp:ncadg_ip_udp
export RPC_SUPPORTED-PROTSEQ

This will eliminate the use of DECnet with DCE.

Error Condition on DCE Client

The following error has been seen while running the machine as a DCE client:

cdsclerk (2514) FATAL rpc recv krbclt.c 285 (rpc__krb_get_tkt) Unexpected exception was raised.

The client machine's DCE functions still appear to work properly; however, the DTS daemon may hang and require restarting.

dced

If you try to configure DCE before you configure the network on the system, then dced will not start. You will receive the following messages:

Init dcedStarting dced...dced ERROR dhd general main.c 1721

If you get this error message, then configure the network first before trying to configure DCE.

Stack Sizes

Due to memory alignment and allocation changes in Tru64 V5.0 and later, problems have been seen with threads due to insufficient stack sizes. Problems that have been seen are "Yellow Zone" stack overflow messages, SEGV exceptions, thread hangs, and thread early termination.

To solve the problem, increase the stack size as needed. This applies to DCE based application programs (not the kernel).

fts command

The system crashes when executing the following fts command:

fts restart -bosserver -server <bos server>
To fix this problem, contact Compaq support to obtain a patch for the execvp 
calls. The problem occurs due to a system crash when a new shell is invoked 
via one of these calls.

dcecp

The following dcecp commands do not work for this release:

Split Server Configuration

Split server configuration using a node running NetCrusader/DCE v4.0 as the Security Server and a node running Transarc or HP DCE V1.3b ECO #2 as the CDS Server is not supported in this release. A DCE Release 1.2.2 system running IBM AIX R1.2.2 cannot be configured in a split cell environment as the Security server if NetCrusader/DCE v4.0 is configured to run the CDS server. This problem will be corrected in a future product release.

Configuring a Security Server Replica

In a mixed version Security server/replica environment, the Security server must be configured at the lowest DCE software revision in use. For example, you cannot configure a Security replica on a DCE for Tru64 UNIX Version 2.x system, if the Security server is running on a NetCrusader/DCE v4.0 system. The Security server must be running the same or lower version of DCE as that running on the Security replica system.

Entegrity cannot guarantee that you can configure a security replica on a NetCrusader/DCE v4.0 system when the Security server runs on another vendor's DCE Release 1.2.2 system. Conversely, it may not be possible to configure a security replica on another vendor's DCE Release 1.2.2 system when the Security server runs on a NetCrusader/DCE v4.0 machine. This problem will be corrected in a future product release.

passwd_export Command

When the execution of the passwd_export command is interrupted, this process leaves the /etc/passwd and the /etc/group in an unusable state.

Kerberos kcfg tool

The /etc/krb5.conf configuration file does not always get properly reset when a machine is reconfigured into a different cell or into its own cell. The Kerberos tools will return an error message stating that the remote server returns a "Wrong principal in request" error message. You need to manually edit the /etc/krb5.conf file to correct the following item:

default_realm=<current cell>

Enter the value of your current cell name after the equal sign with no spaces.

Kerberos rsh tool

Permission denied errors come to various sources. First, the /opt/dce/bin/rsh image should reside in the /usr/bin directory with permissions of 4755 (note that the system bit is enabled) and the file owner should be root:bin. Also, it is suggested that you copy the operating system's version of the program to a safe location. These steps also apply to the other Kerberos client programs such as rlogin and telnet.

Kerberos 5 and Kerberos 5 Compliant Utilities

CDS

The command dcecp -c clearinghouse disable /.:/clearinghouse renders the CDS server "Unable to Communicate." As a Workaround you can recreate the clearinghouse and then issue a dcecp -c clearinghouse delete command.

Example Programs

There is no README file associated with the DTS examples.

Public Key Storage Server Does Not Support Security Replicas

The Public Key Storage Server (PKSS) was not designed to support Security Replicas as stated in the non-goals section of the PKSS RFC (RFC 94.0) from The Open Group. The dcesetup program does not allow you to configure a PKSS in a client and/or security replica environment.

PKI Components Disabled

The PKI, public key, components have been disabled internally. The pkss server can be configured but will not properly operate due to the RSA library being removed from the library.

If you need PKI capability, please contact Entegrity Solutions.

Thread Stack Overflow Not Reported

Calling the sec_login_valid_from_keytable routine from a thread (as is commonly done in a server's refresh identity thread) may result in a silent thread stack overflow, a SEGV, and a memory fault (core dump). This problem can be avoided by using the pthread_attr_setstacksize routine to increase the thread's stack size.

Increasing the stack size to 65536 bytes corrected the stack overflow problem in our test case.

Use STDERR Instead of STDOUT with dcesetup

The dcesetup utility uses output from dcecp commands to verify that certain interfaces are running. When Serviceability via the routing file is turned on, dcesetup can successfully bring up all the daemons only if STDERR is specified instead of STDOUT.

SIA

Change in Reported Zero Divide Exception

The reported exception for dividing a number by zero has changed due to a change in the operating system reporting mechanism. The following table lists the reported exceptions for dividing by zero.

exc_e_aritherr

0 / 0

exc_c_fltdiv

x / 0 (where x != 0)

4.5 Corrections to Documentation (Previous Releases)

4.5.1 Corrections to Documentation v4.0

The following documentation problems have been noted in the DCE manpages:

5. Obtaining Technical Support

If you purchased your Gradient product directly from Entegrity Solutions Corporation or Gradient Technologies, Inc. you are entitled to 30 days of limited technical support beginning on the day the product is expected to arrive.

You may also purchase a support plan that entitles you to additional services. You must register prior to receiving this support. For details, refer to the customer support information package that accompanied your shipment or refer to the Technical Support area of http://support.entegrity.com. The web site also contains online forms for easy registration.

If you purchased DCE 4.2 from a reseller, please contact the reseller for information on obtaining technical support.

6. Contacting Entegrity Solutions

See the contact information on our web site: http://www.entegrity.com/corporate/offices.shtml


[Notices] [Contents]


To make comments or ask for help, contact support@entegrity.com.

Copyright © 1997-2002 Entegrity Solutions Corporation & its subsidiaries
All Rights Reserved.